- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
WAC510 - Guest access VLAN across multiple WAC510s connected to different switches
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
WAC510 - Guest access VLAN across multiple WAC510s connected to different switches
I have installed multiple WAC510 access points in my organisation connected to multiple switches in multiple locations.
We have one SSID which replicates to all APs. This SSID has access to all parts of the company network.
I want to set up a second SSID which is purely for guest access i.e. Internet access only.
I understand that I need to set up a separate VLAN to achieve this but don't know how to do this if the APs are all connected to different switches, some of which are unmanaged.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WAC510 - Guest access VLAN across multiple WAC510s connected to different switches
There is no magic possible - all switches must be VLAN capable and configured accordingly...
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: WAC510 - Guest access VLAN across multiple WAC510s connected to different switches
Contrary to the other reply, to me there is indeed "magic" possible. My experience is with the local web managed mode, I can't say whether it works similar in Insight mode. For me, after your first regular SSID you add your -Guest second SSID and look in the settings for "enable client isolation." For me that seems to allow what I want, where -Guest users can access the internet but nothing else - none of your LAN devices nor each other. No special VLAN stuff required, and it works on multiple access points. Not sure how it works, sort of like it is only allowing access to the gateway and includes DHCP and DNS forwarding.
One little glitch is affecting me on different model (WAC564) only in the most recent firmware (mid-March) and only after power-cycle. That glitch gives me slight hesitation to say that I understand this "client isolation" properly but I tend to think that I do (please don't trust me - verify for your own purposes). After that firmware glitch is corrected, my plan is to combine this Client Isolation with VLAN (which does require configuring in various places). In my case the VLAN would be setup to assign guests an IP address from different range. I'd allow that guest VLAN access to internet (and DNS forwarding) but not to my LAN. In that situation, enabling "client isolation" would not be necessary to keep guests from seeing my LAN, but would be useful to keep guests from seeing each other (saving me a minor additional firewall rule in the VLAN to achieve same result).